The root of all your problems is that your certificates are expired.
Fixing this should be your priority. This is probably going to involve
going back in time to when the certificates are still valid, restarting
IPA, restarting certmonger and waiting for things to properly renew. It
can take some time as the certificates don't all renew at once.

I suspect that once renewed and returned to current time the rest of
your problems will, for the most part, go away.